I assume that if your Google-Fu has brought you to my humble little blog you are in the same position or at least a very similar one to the one that I was in just a few months ago. I was thinking about taking the exam to earn the OSWP (Offensive Security Wireless Professional) certification and searching the web to see if it held the same value today that it did in the past.
To give a little perspective on why I chose to take the course and ultimately *SPOILER ALERT* pass the exam, I thought that it would be best to give a vague outline of my current career. I’ve been working in I.T. for well over a decade. I currently work as a consultant for a small IT firm, with a significant portion of my duties being classified as InfoSec (or Information Security) related. Though I do not see myself ever becoming a pentester, I do aspire to improve my skills in that area.
So why did I choose to pursue the OSWP certification? Well, there were a few different reasons. The first is my desire to always be learning. That desire is what has led me to a career in I.T. and InfoSec in particular. I think that you are hard-pressed to find someone in this industry who does not possess this desire.
Another reason was, as I mentioned earlier, a good portion of my job is classified as InfoSec, so I figured that I should have at least one certification to my name in that area.
I’ve always found wireless security to be fascinating, from how we try to secure our communication to the means by which we break those measures. I still remember my first time breaking a WEP key, long before YouTube was flooded with tutorials. That sense of accomplishment from figuring out how to use tools like aircrack-ng (http://aircrack-ng.org/) fueled my desire to learn for years to come, though strangely not down the InfoSec path until many years later.
Finally, one of the biggest factors is that I have spoken at a few conferences and boardrooms about wireless security in the past, and I wanted to add some weight to my words in future presentations.
Yes, the rumors are true, the course material is a bit dated. In fact, it was copyrighted back in 2014, which is half a lifetime in the computer world. There was a heavy focus on WEP (which is exceedingly rare to come across, but I have seen it in the wild nonetheless), though WPA2 brute forcing was covered as well. That said, there were also some solid wireless fundamentals, including packet breakdowns to help you better understand what you are seeing when analyzing packet captures.
The primary focus was on the aircrack-ng toolset, though some other tools were touched on as well. I was happy with the detail that the course went into on aircrack-ng. Not every option or feature was covered, but there was more than enough to give you a solid understanding of how to use the suite. On completion of the coursework (386-page PDF, lab work and videos), you will not only be able to use the suite effectively but you will also know what is happening at every stage of the attack, allowing you to make modifications as needed. This fundamental understanding of the attack workflow is something that will distinguish you as a wireless professional, rather than a script kiddie using some automated tools.
This is one of the things that drew me to the OSWP: it was a practical exam. I had to prove my skills by determining the keys for 3 networks and then write a professional report (https://support.offensive-security.com/oswp-exam-guide/). This was accomplished by SSH-ing onto the remote exam system to carry out the attacks. Though you can SSH into the system multiple times, I suggest that you become familiar with the “screen” command (https://ss64.com/bash/screen.html). On top of knowing how to use “screen”, I also found it very handy to use “.bashrc” to set variables for the different MAC addresses used in the attacks. Taking the few minutes to carefully set these variables will not only save time while executing the attacks, but it will also save you from the pains of not having commands work because you mistyped one or more characters.
I should also mention that the exam is pass or fail, but unless you successfully obtain all 3 keys you will fail, regardless of your report.
Overall I was satisfied with the course, especially since I had a good idea of what I was getting into, having read other blog posts about the course and exam. That said, I was hoping for some training on other potential WPA2 attacks such as the KRACK attack (https://en.wikipedia.org/wiki/KRACK) and at least some references to WPA3.
Was it worth it?
Yes and no, it all comes down to how you look at it.
Will it impact my current job role? No, in my current role there is no need for me to actually “test” a client’s wireless networks. I do however review their setup and make recommendations on how to improve their security.
Do I see any job postings that interest me with OSWP as a requirement? Almost never, but I do see the odd posting with it as a complementary or nice-to-have. So having the OSWP on my resume does add a little extra padding.
Do I plan to use it for more than testing wireless network security? Yes, in fact, I have spoken at IT conferences about wireless security (https://www.youtube.com/watch?v=d7sV8CanzkY), plus numerous boardroom presentations. And had I been able to secure the travel budget and time, I was planning to speak at SpiceWorld 2019 about WPA3. For these presentations, having the OSWP certification would add more credibility to my words.
What else am I planning to do with it? I’m hoping to run a wireless capture the flag event at my local security conference. The OSWP will help me receive approval/support from the event organizers to make it happen.
These last 2 things can greatly help advance my career as they help build a name for myself in the security community and make those precious connections since it can often come down to a “who you know” situation when competing for a new job in this industry.
So what will it do for my career?
On its own – nothing, but as part of the bigger picture – a lot!
I hope that you have found my take on OSWP in 2019 helpful in your decision as to whether it is the right course for you.